Antisec Hits Private Intel Firm; Millions of Docs Allegedly Lifted

Photo: Jim Merithew/Wired.com

The Antisec wing of Anonymous revealed on Saturday that it had compromised the servers of the private intelligence firm Strategic Forecasting Inc. — allegedly seizing millions of internal documents and thousands of credit card numbers from the company, more commonly known as Stratfor.

[bug id=”anonymous-2011″]That would be a major breach of private information from any firm. But this hack could prove particularly significant, because Stratfor serves as an information-gathering resource and open source intelligence analysis for both the U.S. military and for major corporations.

Antisec breached Stratfor’s networks several weeks ago, according to sources within the group that attacked the firm. On Saturday, Antisec began posting credit card details of a few Stratfor customers on Internet Relay Chats. But that’s just the start of a much larger data dump, the group claims. Anonymous is planning to release much more information — up to 200 gigabytes worth, in parts throughout the week leading up to New Year’s Eve. That trove allegedly includes 860,000 usernames, emails, and md5-hashed passwords; data from 75,000 credit cards, including security codes used for no card present transactions; and over 2.5 million Stratfor emails, internal Stratfor documents from the company’s intranet, and support tickets from it.stratfor.com.

“Four servers were rooted and wiped,” said one participant in the attack, “Charred like ashes, just like what we plan on doing with their old crumbling world.”

The stratfor.com website, breached by members of Anonymous on Dec. 24.

Stratfor’s website is currently down. But on its Facebook page, the company admitted that “an unauthorized party disclosed personally identifiable information and related credit card data of some of our members. We have reason to believe that your personal and credit card data could have been included in the information that was illegally obtained and disclosed.”

“We have also retained the services of a leading identity theft protection and monitoring service on behalf of the Stratfor members that have been impacted by these events,” the firm added.

According to Antisec, Stratfor was using the e-commerce suite Ubercart to handle customer information. The software has built-in encryption, but Stratfor apparently used custom modules that stored customer data in cleartext. Additionally Stratfor appears to have stored the card security code of its customers, a practice generally prohibited by credit card companies.

The first information to be released was a client list culled from Stratfor’s report subscribers, showing self reported employment data. Next was over 30,000 credit cards, accompanied by the announcement that they’d been used to ‘expropriate’ money from banks for charities via small dollar donations. Anonymous participants estimated they had donated between $500,000 and $1,000,000 to charities fraudulently. They released screenshots of some of the charges, including to the Red Cross, Care, which fights poverty around the world, and the EFF. While there’s no sign the cards have been used for personal gain, the op’s participants were unconcerned for the possibility that the charities themselves could be harmed. Said one: “I understood that that was could be a procedural consequence, but the credit card corporations have a choice, to either bite it themselves (poor them, with all their billion dollar bailouts), punish the client, or worst of all, punish the charities that have had nothing to do with this.”

There’s real possibility of damage to smaller organizations if the Anonymous donations result in massive chargebacks for fraud. For instance, the Appropriate Infrastructure Development Group (AIDG) which works on access to electricity, sanitation, and clean water tweeted earlier today: “Stratfor Global has us worried. Pls don’t donate to AIDG with stolen credit cards, we get hit $35 per fraudulent transaction! #anonymous RT”

According to Antisec participants, Stratfor was targeted because of its client list, which include major companies and government entities, but also because it was terribly insecure. This may presage the future victims, as the group drifts away from picking targets for their humor value and easy hackability, and towards picking targets in line with their political goals. “We believe police and employees who work for the most significant fortune 500 companies are the most responsible for perpetuating the machinery of capitalism and the state,” said one Antisec participant, “That there will be repercussions for when you choose to betray the people and side with the rich ruling classes.”

Antisec says that future Lulxmas targets will include law enforcement groups and the companies that supply them.